DEVICE AND METHOD FOR SECURING A DATA STORAGE MEDIUM

The present invention relates to a device for securing a data storage medium. It also relates to a method for securing such a device.

The invention finds a particularly advantageous application in fields such as computing, games and audiovisual media. Data storage media hold data intended to be used, generally, on a terminal such as a computer or a television monitor. Said data are text-type information, images, sound or software.

Numerous fraudulent copies of the data contained in said media are made using software accessible to everyone. Such software makes it possible to duplicate the data of a medium in spite of the copyright that generally protects said data. A device known from the prior art proposes using a security box to prevent pirate copies of the data contained in a medium. The box, which contains an electronic identification circuit, is connected, for example, to a computer into which said medium is inserted. Said device discloses the presence in the medium of a program that identifies the security box by means of said electronic circuit. The program is loaded into the computer and then performs the identification. If the appropriate box is absent, the data cannot be read and, consequently, the medium cannot be used. The device offers only minimal security insofar as the verification program can be neutralized on the computer. No protection then remains. Moreover, a security box is generally associated with a single medium. Consequently, managing security becomes very costly and complicated, since a new security box is needed for every new medium.

Accordingly, a technical problem to be solved by the subject matter of the present invention is to provide a device for securing a data storage medium, as well as a method for securing such a device, which make it possible to prevent fraudulent copies of the data contained in said media without making said media more cumbersome to use.

A solution to the technical problem posed is characterized, according to a first subject of the present invention, in that said device comprises, integrated in said medium, on the one hand, a portable object comprising a memory containing at least one secret key unique to said medium and, on the other hand, data exchange means, said key making it possible to decrypt data of said medium, and said exchange means making it possible to exchange said data between said portable object and said medium.

According to the present invention, a method for securing a data storage medium is notable in that the method comprises the steps of:

- decrypting data of said medium by means of a secret key, unique to said medium, contained in a memory of a portable object integrated in said medium,

- exchanging the data of said medium between said portable object and said medium by means of data exchange means integrated in said medium.

Thus, as will be seen in detail below, the device of the invention makes it possible to protect data of the medium by encrypting them, thereby preventing the data from being read in the clear. A copy of the data is unusable since said data are encrypted. To read said data, they must first be decrypted by means of a secret key contained in said object, which is integrated in the data storage medium. The secret key is unique to one medium. Thus, reading data in the clear is possible only from said medium.

The following description, given with reference to the appended drawings, which are provided as non-limiting examples, will make clear what the invention consists of and how it can be carried out.

Figure 1 is a top view of a storage medium comprising a securing device according to the invention.

Figure 2 is a diagram of a portable object included in the securing device of figure 1.

Figure 3 is a side view of a media reader, of the medium and of the securing device of figure 1.

Figure 4 is a logic diagram of the media reader of figure 3.

Figure 5 is another logic diagram of the media reader of figure 3.

Figure 6 is a partial perspective view of the media reader of figure 3.

Figure 7 is a top view of a first embodiment of the securing device of figure 1.

Figure 8 is a top view of a second embodiment of the securing device of figure 1.

Figure 9 is a partial top view of the media reader of figure 3.

Figure 10 is a diagram of data originating from the medium of figure 1.

Figure 11 is another diagram of data originating from the medium of figure 1.



Figure 1 shows a data storage medium 10. Said medium integrates a portable object 20 and data exchange means. The medium 10 comprises three main zones. The peripheral zone 11 is used to store data. The other two zones are central zones. One is a hole 13 located at the center of the medium, into which a mechanical axle can slide; said zone thus corresponds to an axis of rotation. The other is a neutral zone 12 located between the hole 13 and the peripheral zone 11 and containing no data. Said portable object 20 is integrated in a central zone of said medium 10, namely the neutral zone 12. As shown in figure 2, the portable object 20 comprises a memory 22 and a contact block 23 for establishing electrical contacts with, for example, a terminal. The memory 22 contains a secret key K1. This key is unique to each medium, that is to say it has no duplicate, either in the medium to which it belongs or in other media. Said portable object 20 comprises a cryptoprocessor 21.

Said medium 10 is an optical disk. An optical disk is a disk made up of tracks containing data. Said data comprise application software such as, for example, video game software or software for using databases.

The remainder of this description of the invention deals with the example of CD-ROMs. Nevertheless, it is understood that the invention applies generally to any other optical disk.

In the case of a CD-ROM, the data of a track are formatted according to standards such as those called the Yellow Book and the Green Book, defined by Philips. The standards essentially define two data formatting modes. In a first mode, called mode 1, the track comprises user data, header data and error detection data providing two levels of error detection. In a second mode, called mode 2, the track comprises user data, header data and error detection data providing a single level of error detection. The header data comprise a track number and start-of-track and end-of-track indicators. The user data comprise the application software.

The medium 10 goes through three main phases: a manufacturing phase, a so-called burning-personalization phase, and a use phase.

During the manufacturing phase, the medium 10 is placed on a milling machine, which produces a recess into which the portable object 20 is integrated. Said object is inserted and glued into the recess. However, the weight of said portable object may unbalance said medium 10. To avoid this problem, said medium 10 is provided with balancing means E that balance said medium by bringing its center of gravity back onto its axis of rotation. In a non-limiting embodiment, said balancing means take the form of a balancing weight consisting of a metal washer glued into a milled recess made in said medium, said weight being diametrically opposite said portable object 20 of the medium 10, as shown in figure 1. The manufacturing phase is then complete.

During the burning-personalization phase, data are encrypted and written to the medium 10. The encryption and the writing, also called burning, are carried out by means of a burning machine. Said burning machine essentially consists of the following elements:

- a probe fitted with contacts allowing data to be exchanged between a computer controlling said machine and the portable object 20 integrated in the medium 10,

- a cryptoprocessor implementing an encryption algorithm, used to encrypt the data to be burned,

- software that generates secret keys,

- software that loads secret keys into the portable object 20 of the medium 10.

The burning-personalization phase proceeds according to the following steps:

- a blank medium 10 is loaded,

- an individual set of unique secret keys is generated,

- the data to be encrypted are determined,

- the data are encrypted by means of a unique secret key K1,

- said encrypted data, as well as the unencrypted data, are written to said medium 10,

- the individual set of unique secret keys is loaded into the portable object 20 of the medium 10.

The unique secret key K1 comes from the generated individual set of keys. Said key K1 is either one of the keys of the key set or a combination of keys of said set. One may choose to encrypt all the data of the medium or only part of them. A track comprises data blocks of two thousand and forty-eight bytes. The data are encrypted in groups of eight bytes if an encryption algorithm such as DES is used. Other symmetric encryption algorithms may be used. All the data are burned in the peripheral zone 11 of the medium. Burning is carried out by known methods such as magneto-optical methods or laser dye burning.

The medium 10 can now be used.

During the use phase, in a first step, the data held on the medium 10 are read. Reading is performed by means of a media reader 30. As shown in figures 3 and 4, the reader essentially consists of a tray 35 in which the medium 10 is seated, a motor M for rotating the medium 10, a mechanical axle 32 that slides into the hole 13 of the medium 10, two plates 33 and 34 that keep the medium 10 stable while the reader is operating, a laser read head 31 comprising in particular a laser diode and photodetectors, the laser diode producing a laser beam, an interface 36 of the standard IDE or SCSI type for connecting said reader 30 to a computer 40, and a cryptoprocessor interface 37 allowing a dialogue with the cryptoprocessor 21 of the portable object 20. The plate 34 is called the clamp and is rigidly attached to the axle 32.

Reading is performed optically with the laser beam and is defined in standards such as the Blue Book published by Philips. It follows a method based on detecting the reflection of a laser beam on a track that is alternately reflective and absorbent, thereby defining data in the form of light. The laser beam is then directed to the photodetectors, which are transducers that convert light into electrical signals. Said electrical signals are processed at a first level in order to eliminate mismatch errors occurring when data are read. The track is then reconstituted, and a second-level error-correcting code is applied when the track is formatted in mode 1. Said track is then sent to the interface 36 of said media reader 30.

Neither the medium 10 nor the media reader 30 carries any indication that would make it possible to tell the encrypted data of a track from the unencrypted data. This prevents a fraud that would consist in copying the indications relating to an encryption mode of the data contained in the medium 10.

In a second step, the media reader 30 recognizes whether the medium 10 is equipped with a cryptoprocessor. To this end, it sends the track read to the medium 10 via its cryptoprocessor interface 37. If data are returned by said medium via a first communication channel 361 opened beforehand when said medium 10 was read, said channel being included in the interface 36, the reader 30 concludes that a medium 10 comprising a portable object 20 with a cryptoprocessor 21 is present. Otherwise, no data are returned; consequently, the medium 10 contains no cryptoprocessor and the data are read without decryption.

In a third step, if the medium 10 is equipped with a cryptoprocessor, as shown in figure 4, the data DATA read are sent to the computer 40 connected to said reader 30 via a second communication channel 362 opened beforehand when said medium 10 was read, said channel being included in the interface 36. These data are called raw data because they undergo no modification. At the same time, the data DATA read are sent to the cryptoprocessor 21. According to a first embodiment, said data DATA are sent via the cryptoprocessor interface 37.

According to a second embodiment, as shown in figure 5, said data DATA are sent to the cryptoprocessor 21 of the portable object 20 by means of a universal serial bus 38, called USB, said bus being integrated in the computer 40. Consequently, a single communication channel included in the interface 36 of the reader 30 is needed. The data decrypted in said cryptoprocessor 21 are then returned to the computer 40 via this same bus 38.

It will be noted that this embodiment can also be used during the second step described above.

When the data DATA read are sent to said cryptoprocessor, the electrical signals corresponding to said data are transferred from the media reader 30 to the medium 10, and from the medium 10 to the portable object 20, by means of the data exchange means integrated in said medium and of exchange means integrated in the media reader 30.

The data exchange means integrated in said medium 10 are either contact-based or contactless.

In the case of contactless data exchange means, according to a non-limiting embodiment of the invention, the data exchange means integrated in said medium 10 are an antenna. The data exchange means integrated in the reader 30 are a second antenna. In this case, the data are exchanged by inductive coupling between said first and second antennas.

In the case of contact-based data exchange means, according to a first non-limiting embodiment of the invention, as shown in figure 6, first exchange means IN_B, OUT_B, VCC_B and GRD_B are integrated in the media reader 30 at the axle 32 and the clamp 34, and, as shown in figure 7, the data exchange means IN_A, OUT_A, VCC_A and GRD_A are integrated in the medium 10 in a central zone, namely the neutral zone 12. When the clamp 34 is in contact with the medium 10, the first means come into contact respectively with the second means. This allows data to be exchanged between said media reader and said medium. In addition, the second means IN_A, OUT_A, VCC_A and GRD_A integrated in the medium 10 are connected to the contact block 23 of the portable object 20 at respective contact points I, O, V and G. Said second means IN_A, OUT_A, VCC_A and GRD_A also allow data to be exchanged between said medium 10 and said portable object 20. Thus, said data exchange means, integrated in the medium 10 and in the reader 30, comprise input exchange means IN_A, IN_B, output exchange means OUT_A, OUT_B, power supply means VCC_A, VCC_B and grounding means GRD_A, GRD_B.

The input exchange means IN_A and IN_B carry data from the media reader via the medium 10. The contact point I and the input means IN_A transmit the data from the medium 10 to the portable object 20. The output exchange means OUT_A and OUT_B carry data from the medium 10 via the media reader 30. The contact point O and the output means OUT_A transmit the data from the portable object 20 to the medium 10. The power supply means VCC_A and VCC_B supply voltage to said portable object 20, and the grounding means GRD_A and GRD_B ground said portable object.

According to a second embodiment, the input exchange means IN_A, IN_B and the output exchange means OUT_A, OUT_B may be merged and thus be bidirectional exchange means.

It will be noted that, according to another embodiment, the first data exchange means IN_B, OUT_B, VCC_B and GRD_B integrated in the media reader 30 may be integrated at the lower plate 33 of the reader.

To allow the electrical signals to be carried efficiently, the aforementioned data exchange means integrated in said medium 10 are made of a material that provides good conductivity and avoids excessive oxidation of said means. They are thus made of gold. Said means may, for example, be rings, as shown in figure 7, wires, or arcs of a circle, as shown in figure 8. The same applies to the data exchange means integrated in the media reader 30. Preferably, in order to avoid the presence of a loop sensitive to electromagnetic radiation, and hence to avoid interference due to that radiation, the data exchange means integrated in said medium 10 are arcs of a circle forming a circular sector of angle BETA, and the data exchange means of the reader 30 are arcs of a circle spaced apart by an angle ALPHA smaller than the angle BETA, as shown in figure 9. The arcs of the medium 10 and of the reader 30 have the same width W and are spaced apart by the same distance L. Permanent contact between the various data exchange means is thus guaranteed.

After the electrical signals corresponding to the data DATA read have been transmitted to the portable object 20 by the data exchange means defined above, the data DATA are decrypted by a cryptoprocessor, which decrypts them by means of the unique secret key K1 contained in the memory 22 of the portable object 20. Thanks to this system of a unique key integrated in a portable object, a copy of the data of the medium 10 onto a second medium, whether or not it has a cryptoprocessor, is unusable. Said cryptoprocessor implements the inverse of the algorithm that was used to encrypt said data. Said cryptoprocessor is programmed or hard-wired.

According to a first non-limiting embodiment, said cryptoprocessor is integrated in said portable object 20. According to a second embodiment, the cryptoprocessor is a cryptoprocessor attached to the media reader 30. In this second embodiment, the secret key K1 of the portable object 20 must be sent to the reader temporarily, for the time it takes to decrypt the data DATA read. Clearly, in this case there is no need to send the data DATA to the portable object 20. However, the first embodiment is preferred, as it is much more secure, given that the secret key K1 remains in the portable object 20 and is not exposed to frauds that would consist in spying on the media reader 30 in order to reconstruct said secret key K1.

In the cryptoprocessor, the data DATA are decrypted systematically, whether or not they were originally encrypted, then, where applicable, returned to said reader 30, and finally transmitted to the computer 40 via the first communication channel 361 if the cryptoprocessor interface 37 is used.

The data DATA of said medium 10, encrypted and unencrypted, are loaded alternately into a memory 41 of the computer 40. As shown in figure 10, the unencrypted data B, called raw, and the decrypted data D are sent to the computer 40 as complete tracks or blocks, or as bytes. It will be noted that data that were not originally encrypted but have been decrypted by the cryptoprocessor 21 are of no use. However, the fact that the reader 30 systematically delivers both the raw and the decrypted data to the computer 40 guards against an attack that would consist, first, in distinguishing the encrypted from the unencrypted data and, second, in finding a way to use them, simply by connecting to the output of the media reader 30.

In a fourth step, the data sent to and loaded into the memory 41 of the computer 40 are used as follows: said data, which comprise the application software of the medium 10, are made up of a pair of tracks or blocks, a so-called raw track or block B1 and a so-called decrypted track or block D1, both originating from the same track or block O1 of data read from the medium 10. Figure 10 shows a raw block B1 which is made up, on the one hand, of zones Ba of unencrypted data, called useful zones, and, on the other hand, of zones Bb of unusable encrypted data. The decrypted block D1 is made up of zones Db of unusable decrypted data and of zones Da, also called useful zones, of decrypted data corresponding to the zones Bb of encrypted data of the raw block B1.

The application software comprises, on the one hand, an autostart program recognized by the computer, which initializes said software, and, on the other hand, executable code. Said executable code comprises a set of links used to connect different zones to one another, to load new data into memory and to reconstitute a data zone. Said autostart program is initially loaded into the computer 40.

The useful zones of the various blocks generally contain, on the one hand, part of the executable code and, on the other hand, application data used by the application software, such as, for example, images, text and sound.
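
The raw/decrypted block pair described above can be modelled in a few lines. This is an added example, not part of the patent text: a toy 8-byte Feistel cipher stands in for DES, and the names `PortableObject`, `master_block`, `read_pair`, `reassemble` and the `protected` index set (standing for the zone knowledge carried by the application's links) are assumptions made for illustration.

```python
import hashlib
import hmac

GROUP = 8      # the description encrypts data in groups of eight bytes
BLOCK = 2048   # a track carries data blocks of 2048 bytes


def _round(key, rnd, half):
    """Round function of the toy Feistel cipher (a stand-in for DES, not DES)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _feistel(key, group, rounds):
    left, right = group[:4], group[4:]
    for rnd in rounds:
        mixed = bytes(a ^ b for a, b in zip(left, _round(key, rnd, right)))
        left, right = right, mixed
    return right + left


def encrypt_group(key, group):
    return _feistel(key, group, range(4))


def decrypt_group(key, group):
    # Same network with the round order reversed.
    return _feistel(key, group, reversed(range(4)))


class PortableObject:
    """Models portable object 20: K1 never leaves it, only data goes in and out."""

    def __init__(self, k1):
        self._k1 = k1

    def decrypt_block(self, block):
        # Systematic decryption: every group, encrypted originally or not.
        return b"".join(decrypt_group(self._k1, block[i:i + GROUP])
                        for i in range(0, len(block), GROUP))


def master_block(plain, protected, k1):
    """Burning phase: encrypt only the chosen groups (zones Bb), leave the rest clear."""
    out = bytearray(plain)
    for g in protected:
        out[g * GROUP:(g + 1) * GROUP] = encrypt_group(k1, plain[g * GROUP:(g + 1) * GROUP])
    return bytes(out)


def read_pair(disc_block, chip):
    """Reader 30: deliver the raw block B1 and, if a chip answers, the decrypted block D1."""
    decrypted = chip.decrypt_block(disc_block) if chip is not None else None
    return disc_block, decrypted


def reassemble(raw, decrypted, protected):
    """Application side: zones Ba come from B1, zones Da from D1."""
    source = decrypted if decrypted is not None else raw
    out = bytearray(raw)
    for g in protected:
        out[g * GROUP:(g + 1) * GROUP] = source[g * GROUP:(g + 1) * GROUP]
    return bytes(out)


def demo():
    # Constructed sample data and keys, for illustration only.
    k1 = hashlib.sha256(b"constructed key for disc A").digest()
    k_other = hashlib.sha256(b"constructed key for disc B").digest()
    plain = bytes(i % 251 for i in range(BLOCK))
    protected = {1, 2, 5, 200}
    disc = master_block(plain, protected, k1)

    raw, dec = read_pair(disc, PortableObject(k1))
    results = {
        "original": reassemble(raw, dec, protected) == plain,
        # A group that was never encrypted becomes unusable in D1 (zone Db).
        "db_unusable": dec[0:GROUP] != plain[0:GROUP],
        # Zones Ba are readable straight from the raw block.
        "ba_clear": raw[0:GROUP] == plain[0:GROUP],
    }
    raw, dec = read_pair(disc, None)                      # copy on a disc without a chip
    results["copy_no_chip"] = reassemble(raw, dec, protected) == plain
    raw, dec = read_pair(disc, PortableObject(k_other))   # copy on a disc with another key
    results["copy_other_chip"] = reassemble(raw, dec, protected) == plain
    return results


if __name__ == "__main__":
    print(demo())
```

Only the original disc, whose portable object holds K1, yields a block pair from which the application can rebuild its useful zones; a copy carries the same bytes but produces an unusable D1.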

As shown in figure 11, the raw block B1 comprises a first useful zone B1Z1 whose executable code runs and uses the application data needed for said execution. At the end of the execution of said code, a first link B1L1 moves to a first useful zone D1Z1 of the decrypted block D1. The code of said zone runs. At the end of the execution of said code, a link D1L1 of said zone D1Z1 moves to a second useful zone B1Z2 of the raw block B1, whose code runs, and so on. When the last useful zone of the raw block B1 runs, a link loads into the memory 41 of the computer the data blocks or tracks that the application software needs. One or more further pairs of tracks or blocks, raw and decrypted, are thus read and loaded into memory 41. It will be noted that, with the securing device comprising a cryptoprocessor described above, the reader 30 may include a decryption service. Data will thus be sent from the computer 40 to the cryptoprocessor 21 of the medium 10 to be decrypted. This service will be useful for certain security architectures in which the application software would have to decrypt parts of tracks while said software is running.

CLAIMS

1 - Device for securing a data storage medium (10), characterized in that said device comprises, integrated in said medium, on the one hand, a portable object (20) comprising a memory (22) containing at least one secret key (K1) unique to said medium and, on the other hand, data exchange means, said key (K1) making it possible to decrypt data (DATA) of said medium, said exchange means (IN_A, OUT_A, VCC_A, GRD_A) making it possible to exchange said data between said portable object and said medium.

2 - Device according to claim 1, characterized in that said medium is an optical disk.

3 - Device according to one of the preceding claims, characterized in that said portable object is integrated in a central zone of said medium (10).

4 - Device according to one of the preceding claims, characterized in that the data exchange means (IN_A, OUT_A, VCC_A, GRD_A) are integrated in the medium (10) in a central zone.

5 - Device according to one of the preceding claims, characterized in that said medium (10) comprises balancing means (E) for balancing said medium.

6 - Device according to one of the preceding claims, characterized in that the data exchange means integrated in said medium 10 are contact-based.

7 - Device according to one of claims 1 to 5, characterized in that the data exchange means integrated in said medium 10 are contactless.

8 - Device according to one of the preceding claims, characterized in that the data (DATA) are decrypted by means of a cryptoprocessor.

9 - Device according to claim 8, characterized in that said cryptoprocessor is programmed or hard-wired.

10 - Device according to claim 8, characterized in that said cryptoprocessor is integrated in said portable object (20).

11 - Method for securing a data storage medium (10), characterized in that the method comprises the steps in which:

- data (DATA) of said medium (10) are decrypted by means of a secret key (K1), unique to said medium, contained in a memory (22) of a portable object (20) integrated in said medium,

- the data (DATA) of said medium (10) are exchanged between said portable object (20) and said medium by means of data exchange means (IN_A, OUT_A, VCC_A, GRD_A) integrated in said medium.

12 - Method according to claim 11, characterized in that it comprises an additional step in which:

- data are encrypted by means of a unique secret key (K1),

- said encrypted data are written to said medium (10).

13 - Method according to one of claims 11 or 12, characterized in that it comprises an additional step in which:

- the data (DATA) of said medium (10), encrypted and unencrypted, are loaded alternately into a memory (41) of a computer (40).

PROTECTED OPTICAL DISK AND METHOD FOR PROTECTING AN OPTICAL DISK.

The present invention concerns an optical disk for 
storing data. It also concerns a method for protecting said 
disk. 

Applications of the invention can be particularly advantageous in fields such as data processing, games, audiovisual, etc. Data storage media, especially optical disks, include data intended to be generally exploited on a terminal, such as a computer or television monitor. Said data are either texts, images, sound or even software applications.

A large number of fraudulent copies of data contained in said media are made using software accessible to all users. These software applications are able to duplicate the data of a media despite copyright which generally protects said data. One known device of the prior art makes use of a security box to prevent pirate copies being made of the data contained in a media. The box, which contains an electronic identification circuit, is connected for example to a computer into which said media is introduced. Said device discloses the presence of a programme in the media making it possible to identify the security box by means of said electronic circuit. The programme is loaded into the computer and then carries out identification. In the absence of the appropriate box, the data cannot be read and accordingly the media cannot be used. The device only offers minimum security to the extent that the verification programme can be neutralised on the computer and then there is no longer any protection. Moreover, a protection box is generally associated with a single media item. As a result, the management of security becomes cumbersome and complex since a new protection box is required for any new media item.

Also one technical problem to be resolved by the object of the present invention is obtaining a protected data storage optical disk, as well as a method for rendering secure said disk making it possible to avoid fraudulent copies being made of the data contained in said disks whilst not burdening the use of said disks.

According to a first object of the present invention, one solution to the technical problem stated as above is characterised in that said protected optical data storage disk comprises firstly a portable object comprising a memory including at least one secret key, and secondly data exchange means, said key being able to decrypt the data for said disk whilst remaining inside said portable object, said exchange means making it possible to exchange said data between said portable object and said disk.

According to the present invention, a method for protecting an optical disk is notable in that the method comprises the following stages consisting of:

• decrypting the data of said disk by means of a secret key included in a memory of a portable object integrated in said disk and remaining inside said object during decrypting,

• exchanging the data of said disk between said portable object and said disk by means of data exchange means integrated in said disk.

Thus, as shall be seen later in more detail, the device of the invention makes it possible to protect the data of the media by encrypting it and thus preventing a reading in uncoded form of said data. A copy of the data cannot be used as said data is encrypted. So as to read said data, the latter need to be previously decrypted by means of a secret key included in said object integrated in the data storage media. Preferably, the secret key is unique to one media item. Thus, a reading of data in uncoded form is only possible from said media.

The following description, given with regard to the
accompanying drawings by way of non-restrictive example,
shall clearly explain what the invention consists of and how
it can be embodied.
Figure 1 is a top view of a storage media conforming to
the invention.

Figure 2 is a diagram of a portable object included in
the media of figure 1.

Figure 3 is a side view of a media reader and the media
of figure 1.

Figure 4 is a logic diagram of the media reader of
figure 3.

Figure 5 is another logic diagram of the media reader
of figure 3.

Figure 6 is a partial perspective view of the media
reader of figure 3.

Figure 7 is a top view of a first embodiment of the
media of figure 1.

Figure 8 is a top view of a second embodiment of the
media of figure 1.

Figure 9 is a partial top view of the media reader of
figure 3.

Figure 10 is a diagram of the data originating from the
media of figure 1.

Figure 11 is another diagram of the data originating
from the media of figure 1.

Figure 1 shows a data storage media 10. Said media
integrates a portable object 20 and data exchange means.
Said media 10 comprises three main zones. The peripheral
zone 11 is able to store data. The other two zones are
central zones. One is a hole 13 placed at the centre of the
media and in which a mechanical pin is able to slide, said
zone thus corresponding to an axis of rotation. The other is
a neutral zone 12 placed between the hole 13 and the
peripheral zone 11 and contains no data. Said portable
object 20 is integrated in a central zone of said media 10
which is the neutral zone 12. As shown on figure 2, the
portable object 20 includes a memory 22 and a contacts block
23 for establishing electric contacts with a terminal, for
example. The memory 22 includes a secret key K1. This key is
preferably unique to each media; in other words, no
duplicate is provided either in the media to which it
belongs or in other media. Said portable object 20 includes
a cryptoprocessor 21. Said portable object is an integrated
circuit chip. Such a chip is protected.

Said media 10 is an optical disk. An optical disk is a
disk composed of tracks comprising data. Said data includes
application software, such as video game software or
software for exploiting databases.

The rest of the present summary of the invention deals
with the example of CD-ROMs. Nevertheless, the invention can
of course be applied generally to any other optical disk.

In the case of a CD-ROM, the data of a track are
formatted according to standards, such as those called
Yellow Book and Green Book defined by Philips. The standards
basically define two data formatting modes. According to a
first mode called mode 1, the track comprises user data,
header data and error detection data able to have two error
detection levels. According to a second mode called mode 2,
the track comprises user data, header data and error
detection data having a single error detection level. The
header data includes a track number and start and end of
track indicators. The user data includes the application
software.

The media 10 has three major phases: a production
phase, a customisation etching phase and a use phase.

During the production phase, the media 10 is placed on
a milling machine which makes a housing in which the
portable object 20 is integrated. Said object is inserted
and glued in the housing. However, the weight of said
portable object can render said media 10 out of balance. So
as to avoid this problem, said media 10 is provided with
balancing means E for balancing said media by bringing its
centre of gravity back onto its spin axis. One
non-restrictive embodiment of said balancing means is
effected with the aid of a balancing feeder composed of a
metal washer glued into a milling made in said media, said
feeder being diametrically opposite to said portable object
20 of the media 10, as shown on figure 1. The production
phase is then ended.

During the customisation etching phase, data is
encrypted and written in the media 10. Encryption and
writing, also called etching, are carried out using an
etching machine. Said etching machine is mainly composed of
the following elements:

• a probe provided with contacts allowing an exchange of
data between a computer controlling said machine and the
portable object 20 integrated in the media 10,

• a cryptoprocessor implementing an encryption algorithm
for encrypting the data to be etched,

• a secret key generating software,

• a software for loading secret keys into the portable
object 20 of the media 10.

The customisation-etching phase occurs according to the
following stages:

• an unrecorded media 10 is loaded,

• an individual set of secret keys is generated,

• the data to be encrypted is determined,

• the data is encrypted with the aid of a sole secret key K1,

• said encrypted data is written in said media 10, as well
as non-encrypted data,

• the individual set of secret keys is loaded into the
portable object 20 of the media 10.

The sole secret key K1 is derived from the generated
individual set of keys. Said key K1 is either one of the
keys from the set of keys or a combination of keys from said
set. So as to optimise the management of the keys and
associated media, several keys or sets of keys may derive
from a given key, for example when keys are diversified from
a "master" key. Similarly, so as to facilitate media
management, a given secret key could be used for a series of
media able to be recognised, for example, by a series number.

It is possible to choose to encrypt all the data of the
media or only one portion. A track comprises data blocks of
two thousand and forty-eight octets. The data is encrypted
by groups of eight octets if an encryption algorithm such
as the DES is used. Other symmetrical encryption algorithms
can be used. All the data is etched in the peripheral zone
11 of the media. Etching is effected using known methods,
such as magneto-optical methods or laser colorant burn-off.
From now on, the media 10 can be used.

During the use phase, in a first stage the data found
in the media 10 is read using a media reader 30. As shown on
figures 3 and 4, the reader is basically composed of a plate
35 housing the media 10, a motor M for making the media
rotate, a mechanical spindle 32 which slides into the hole
13 of the media 10, two plates 33 and 34 for keeping the
media 10 stable when the reader is functioning, a laser
reading head 31 comprising in particular a laser diode and
photodetectors, the laser diode being able to obtain a laser
beam, an IDE or SCSI standard interface 36 for connecting
said reader 30 to a computer 40, and a cryptoprocessor
interface 37 allowing dialogue with the cryptoprocessor 21
of the portable object 20. The plate 34 is known as a doll
and is integral with the spindle 32.

Reading is made optically with the laser beam and is
defined in standards called the Blue Book published by
Philips. It is carried out according to a method based on
detecting the reflection of a laser beam on a track which is
at one time reflecting and at another time absorbing, thus
defining data appearing in the form of light. The laser beam
is accordingly directed towards the photodetectors, which are
transducers allowing a conversion of the light into electric
signals. Said electric signals are processed at a first
level so as to eliminate any discordance errors during a
data reading. The track is then reconstructed, and a
second level corrector code is then applied when the track is
formatted with the mode 1. As a result, said track is sent
to the interface 36 of said media reader 30.

The media 10 and the media reader 30 contain no details
enabling the encrypted data to be dissociated from the
non-encrypted data of a track. This avoids a fraud which
would consist of copying the indications relating to an
encryption mode of the data contained in the media 10.

In a second stage, the media reader 30 recognises
whether the media 10 is equipped with a cryptoprocessor. To
this end, it sends the track read via its cryptoprocessor
interface 37 to the media 10. In a case where data is sent
back by said media via a first communication channel 361
open prior to reading of said media 10, said channel being
included in the interface 36, the reader 30 shall conclude
that a media 10 is present comprising a portable object 20
which includes a cryptoprocessor 21. In the opposite case, no
data element is sent back; accordingly, the media 10
contains no cryptoprocessor and data reading is made without
decryption.

In a third stage, in a case where the media 10 is
equipped with a cryptoprocessor, as shown on figure 4, the
read data DATA is sent to the computer 40 connected to said
reader 30 via a second communication channel 362 open prior
to reading of said media 10, said channel being included in
the interface 36. This data is known as unprocessed data as
said data has not been modified. At the same time, the read
data DATA is sent to the cryptoprocessor 21. According to a
first embodiment, said data DATA is sent via the
cryptoprocessor interface 37. Thus, before being sent to the
cryptoprocessor, the data DATA is firstly modified into a
format able to be understood by the cryptoprocessor, such as
into octets, via the cryptoprocessor interface 37 included
in the optical disk reader.

According to a second embodiment as shown on figure 5,
said data DATA is sent to the cryptoprocessor 21 of the
portable object 20 with the aid of a universal serial bus 38,
known as USB, said bus being integrated in the computer 40.
Accordingly, a single communication channel included in the
interface 36 of the reader 30 is required. The data decrypted
in said cryptoprocessor 21 is then sent back to the computer
40 via this same bus 38. Here it is the computer 40 which
comprises a cryptoprocessor interface which modifies the data
DATA into a format able to be understood by the
cryptoprocessor.

It shall be noted that this embodiment can also be used 
during the second stage described previously. 

At the time the data DATA read is sent to the
cryptoprocessor, the electric signals of the media reader 30
corresponding to said data are transferred to the media 10
and from the media 10 to the portable object 20 by means of
data exchange means integrated in said media and via
exchange means integrated in the media reader 30.

Either the data exchange means integrated in said media 
10 have contacts or the data exchange means integrated in 
said media 10 have no contacts. 

In the case of data exchange means with no contacts,
according to a non-restrictive embodiment of the invention,
the data exchange means integrated in said media 10 have an
antenna. The data exchange means integrated in the reader 30
have a second antenna. In this case, the data is exchanged
via inductive coupling between said first and second
antennae.

In the case of data exchange means with contacts,
according to a first non-restrictive embodiment of the
invention as shown on figure 6, first exchange means IN_B,
OUT_B, VCC_B and GRD_B are integrated in the media reader 30
at the level of the spindle 32 and the doll 34, and as shown
on figure 7 the second exchange means IN_A, OUT_A, VCC_A and
GRD_A are integrated in the media 10 at the level of a
central zone which is the neutral zone 12. When the doll 34
is in contact with the media 10, the first means enter into
contact respectively with the second means. This makes it
possible to exchange data between said media reader and said
media. In addition, the second means IN_A, OUT_A, VCC_A and
GRD_A integrated in the media 10 are connected to the
contact block 23 of the portable object at respective
contact points I, O, V and G. Said second means IN_A,
OUT_A, VCC_A and GRD_A also allow an exchange of data
between said media 10 and said portable object 20. Thus,
said data exchange means integrated in the media 10 and the
reader 30 include input exchange means IN_A, IN_B, output
exchange means OUT_A, OUT_B, feed means VCC_A, VCC_B and
earthing means GRD_A, GRD_B.

The input exchange means IN_A and IN_B make it possible
to transport the data from the media reader via the media
10. The contact point I and the input device IN_A make it
possible to send the data of the media 10 to the portable
object 20. The output exchange means OUT_A and OUT_B make it
possible to transport data from the media 10 via the media
reader 30. The contact point O and the output device OUT_A
make it possible to transmit the data from the portable
object 20 to the media 10. The feed means VCC_A and VCC_B
feed said portable object 20 with voltage and the earthing
means GRD_A and GRD_B enable said portable object to be
earthed.

According to a second embodiment, the data input
exchange means IN_A, IN_B and the data output exchange means
OUT_A, OUT_B can be merged and thus be bidirectional
exchange means.

It shall be noted that according to another embodiment,
the first data exchange means IN_B, OUT_B, VCC_B and GRD_B
integrated with the media reader 30 can be integrated at the
level of the lower plate 33 of the reader.

So as to allow an effective transport of the electric
signals, said data exchange means integrated in said media
10 are composed of a material allowing good conductivity and
avoiding excessive oxidation of said means. Thus, they are
made of gold. For example, said means can be rings as shown
on figure 7, wires, or even arcs of circles as shown on
figure 8. The same applies to the data exchange means
integrated in the media reader 30. So as to avoid the
presence of a loop sensitive to electromagnetic radiation,
and thus avoid radio interference due to this radiation, the
data exchange means integrated in said media 10 are arcs of
circles forming a circular sector with an angle BETA, and the
data exchange means of the reader 30 are arcs of circles
spaced by an angle ALPHA smaller than the angle BETA, as
shown on figure 9. The arcs of circles of the media 10 and
the reader 30 have the same width W and are spaced apart by
a given width L. Thus, permanent contact is guaranteed
between the various data exchange means.

After the electric signals corresponding to the read
data DATA are sent to the portable object 20 by means of the
previously defined data exchange means, the data is
decrypted with the aid of a cryptoprocessor using the sole
secret key K1 included in the memory 22 of the portable
object 20. By means of this sole key system integrated in a
portable object, a copy of the data of the media 10 on a
second media, possibly comprising a cryptoprocessor, cannot
be used.

Said cryptoprocessor implements the inverse of the
algorithm used to encrypt said data. Said cryptoprocessor is
programmed or wired.

According to a first non-restrictive embodiment, said
cryptoprocessor is integrated in said portable object 20.
The secret key K1 does not come out of the chip but stays
there. According to a second embodiment, the cryptoprocessor
is a cryptoprocessor attached to the media reader 30. In
this second embodiment, the secret key K1 of the portable
object 20 needs to be sent into the reader temporarily,
namely for the time needed to decrypt the read data DATA. It
is clear that in this case there is no need to send the data
DATA to the portable object 20. However, the first embodiment
would be preferred, said embodiment offering far more
protection given the fact that the secret key K1 remains in
the portable object 20, is never transmitted outside, and is
thus not subject to frauds which would consist of spying on
the media reader 30 so as to reconstruct said secret key K1.
Moreover, the fact that the cryptoprocessor is in the
portable object prevents a fraudulent person from copying
the means allowing encrypting or decrypting.

In the cryptoprocessor, the data DATA is decrypted
systematically, whether said data was originally encrypted
or not, and then, if appropriate, is sent back to said
reader 30 and finally sent to the computer 40 via the first
communication channel 361 if the cryptoprocessor interface
37 is used.

Alternately, the unprocessed and decrypted data DATA
of said media 10 is loaded into a memory 41 of the computer
40. The computer could therefore mark the various sent sets
of data. As shown on figure 10, the unprocessed B and
decrypted D data is sent to the computer 40 preferably by
tracks or complete blocks or octets. It shall be noted that
the data not originally encrypted but decrypted via the
cryptoprocessor 21 is not useable. However, the fact that
the reader 30 systematically sends the computer 40 the
unprocessed and decrypted data makes it possible to guard
against an attack which would consist firstly of
differentiating the encrypted and non-encrypted data, and
secondly of finding a way to use them by quite simply being
connected to the outlet of the media reader 30.

In a fourth stage, the data sent and loaded into the
memory 41 of the computer 40 is used as follows: said data,
which includes the application software of the media 10, is
composed of a pair of tracks or blocks, one track or block
B1 being unprocessed and one track or block D1 being
decrypted, whose origin is a track or block O1 of data read
in the media 10. Figure 10 shows an unprocessed block B1
composed firstly of zones Ba of non-encrypted data known as
useful zones, and secondly zones Db of decrypted unusable
data and zones Da, also known as useful zones, of
decrypted data corresponding to the zones Bd of encrypted
data of the unprocessed block B1.

The application software firstly includes a
self-starting programme recognised by the computer, making it
possible to initialise said software, and secondly the
executable code. Said executable code includes a set of
links for interconnecting various zones, loading new data
into the memory and reconstructing a data zone. Said
start-up programme is initially loaded into the computer 40.

The useful zones of the various blocks generally
comprise firstly a portion of the executable code, and
secondly application data used by the application software,
such as images, text, sound.

As shown on figure 11, the unprocessed block B1
comprises a first useful zone B1Z1 whose executable code is
executed and uses the application data required for said
execution. At the end of execution of said code, a first
link B1L1 is positioned on a first useful zone D1Z1 of the
decrypted block D1. The code of said zone is executed. At
the end of execution of said code, a link D1L1 of said zone
D1Z1 is positioned on a second useful zone B1Z2 of the
unprocessed block B1 whose code is executed, and so on. When
the final useful zone of the unprocessed block B1 is
executed, a link makes it possible to load into the memory
41 of the computer the blocks or tracks of data required by
the application software. Thus, one or several other pairs
of unprocessed and decrypted tracks or blocks are read and
loaded into the memory 41. Thus, according to the foregoing,
it shall be extremely difficult for a person intent on fraud
to reconstruct the executable code.
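
The etching, systematic decryption and link-following stages
described above can be modelled end to end. The following is an
added example, not part of the patent text: it assumes a toy
8-octet Feistel cipher as a stand-in for DES, an HMAC-based
diversification of K1 from a master key, and hypothetical names
(PortableObject, etch, read_pair, follow_links); the zone layout
and sample data are constructed.

```python
import hashlib
import hmac

BLOCK = 2048  # octets per data block, as stated in the text
GROUP = 8     # octets per cipher group (the DES group size)


def diversify(master: bytes, serial: str) -> bytes:
    """Assumed scheme: derive a per-disk K1 from a master key and a serial."""
    return hmac.new(master, serial.encode(), hashlib.sha256).digest()[:16]


def feistel_group(key: bytes, group: bytes, rounds) -> bytes:
    """Toy 4-round Feistel permutation on one 8-octet group (NOT DES)."""
    left, right = group[:4], group[4:]
    for i in rounds:
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left


def crypt(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Encrypt or decrypt group by group; length must be a multiple of 8."""
    if len(data) % GROUP:
        raise ValueError("data must be a whole number of 8-octet groups")
    rounds = range(3, -1, -1) if decrypt else range(4)
    return b"".join(feistel_group(key, data[i:i + GROUP], rounds)
                    for i in range(0, len(data), GROUP))


class PortableObject:
    """Chip 20 with cryptoprocessor 21: K1 is loaded once and used inside."""

    def __init__(self, k1: bytes):
        self.__k1 = k1  # models on-chip storage; no read-out method exists

    def decrypt(self, data: bytes) -> bytes:
        # Systematic decryption: the chip is not told which zones were encrypted.
        return crypt(self.__k1, data, decrypt=True)


def etch(plain: bytes, encrypted_zones, k1: bytes) -> bytes:
    """Customisation-etching: encrypt the chosen zones, write the rest as is."""
    written = bytearray(plain)
    for start, end in encrypted_zones:
        written[start:end] = crypt(k1, plain[start:end])
    return bytes(written)


def read_pair(o1: bytes, chip: PortableObject):
    """Reader 30: send the unprocessed block B1 and the decrypted block D1."""
    return o1, chip.decrypt(o1)


def follow_links(b1: bytes, d1: bytes, links) -> bytes:
    """Application side: chain the useful zones of B1 and D1 in link order."""
    source = {"B": b1, "D": d1}
    return b"".join(source[name][start:end] for name, start, end in links)


def demo() -> dict:
    master = bytes(range(16))                               # constructed
    plain = bytes((7 * i + 3) % 256 for i in range(BLOCK))  # constructed
    zones = [(512, 1024), (1536, 2048)]                     # constructed layout
    # The links live in the executable code; nothing on the disk marks zones.
    links = [("B", 0, 512), ("D", 512, 1024),
             ("B", 1024, 1536), ("D", 1536, 2048)]

    k1_a = diversify(master, "DISK-A")
    o1 = etch(plain, zones, k1_a)
    chip_a = PortableObject(k1_a)
    chip_b = PortableObject(diversify(master, "DISK-B"))

    b1, d1 = read_pair(o1, chip_a)    # genuine disk
    cb1, cd1 = read_pair(o1, chip_b)  # same octets copied to another disk
    return {
        "genuine_ok": follow_links(b1, d1, links) == plain,
        "copy_ok": follow_links(cb1, cd1, links) == plain,
        "b1_alone_ok": b1 == plain,
        "d1_alone_ok": d1 == plain,
        "db_zone_unusable": d1[0:512] != plain[0:512],
    }


if __name__ == "__main__":
    print(demo())
```

Neither B1 nor D1 alone yields the original block; only the
link order carried by the executable code, applied to a pair
produced by the chip holding the matching K1, reconstructs it.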

It shall be noted that, according to the optical disk
10 of the invention including a cryptoprocessor as
previously described, the reader 30 could include a
decryption service. Thus, data shall be sent from the
computer 40 to the cryptoprocessor 21 of the media 10 so as
to decrypt said data. This service shall be useful for
certain security architectures in which the application
software would have to decrypt track portions during
execution of said software.

The invention described above has other advantages,
described hereafter. The invention has the advantage
firstly of being able to protect applications written in a
high-level language, and secondly of allowing management of
a large number of applications. To this end, the optical
disk 10 comprises data DATA forming at least one application
written in a high-level language, especially in the JAVA
language (registered trademark). Said applications are
preferably fully or partially encrypted. Thus, said
applications are protected as described previously and could
not be duplicated. Moreover, as the optical disk has a large
memory capacity, it would be possible to manage a large
number of applications. Thus, an applications supplier will
be able to promote its applications and distribute them in
bulk. Advantageously, the optical disk is accessible on
writing/reading for an applications supplier. As a result,
the supplier could itself manage the applications on the
optical disk at any time. For example, at a point of sale,
the supplier could download applications into a disk from
one of its computers or servers.

The optical disk of the invention could be of interest
in the field of mobile telephones. A mobile telephone
comprises a telephone smart card currently known as a SIM
card. According to a known prior art, when a user of the
mobile telephone wishes to use a service of an operator,
either the application relating to said service is found on
his mobile telephone or it needs to be downloaded into the
SIM card from a server of the operator via a network managed
by said operator. Operators often offer new services, such
as a banking telephone service, to users, and the
corresponding applications need to be downloaded. The
applications are generally written in the JAVA language so
as to be able to be modified and managed by the operator.
Downloading is a long and less reliable process, and the
network is often congested. In addition, the SIM card has a
reduced memory and cannot support all the applications
offered by the operator. By means of the optical disk of the
invention, an operator can distribute its applications,
already protected, to users, and avoids its network becoming
congested and the memory of the SIM card becoming
overloaded. The user buys an optical disk comprising the
applications relating to the services he needs. Thus, he
merely needs to insert the optical disk into his computer
and his SIM card into a card reader connected to his
computer, and select the application he wants to load into
his card. It may be desired to have the optical disk only
being accessible on reading by the user so as to prevent him
from modifying certain data of the applications.
CLAIMS

1. Protected optical disk (10) for storing data,
characterised in that it comprises firstly a portable object
(20) comprising a memory (22) including at least one secret
key (K1), and secondly data exchange means, said key (K1)
able to decrypt the data (DATA) of said disk whilst
remaining inside said portable object (20), said exchange
means (IN_A, OUT_A, VCC_A, GRD_A) making it possible to
exchange said data between said portable object and said
disk.

2. Optical disk according to claim 1, characterised in
that said portable object is a chip with an integrated
circuit.

3. Optical disk according to one of the preceding
claims, characterised in that said portable object is
integrated in a central zone of said disk (10).

4. Optical disk according to one of the preceding
claims, characterised in that the data exchange means (IN_A,
OUT_A, VCC_A, GRD_A) are integrated in a central zone of the
disk (10).

5. Optical disk according to one of the preceding
claims, characterised in that it comprises balancing means
(E) for balancing said disk.

6. Optical disk according to one of the preceding
claims, characterised in that the data exchange means
integrated in said disk (10) have contacts.

7. Optical disk according to one of claims 1 to 5,
characterised in that the data exchange means integrated in
said disk (10) have no contacts.

8. Optical disk according to one of the preceding
claims, characterised in that the data (DATA) is decrypted
using a cryptoprocessor.

9. Optical disk according to claim 8, characterised in
that said cryptoprocessor is integrated in said portable
object (20).

10. Optical disk according to claim 8, characterised in
that the data (DATA) is firstly modified into a format able
to be understood by the cryptoprocessor by means of a
cryptoprocessor interface (37) included in an optical disk
reader.

11. Optical disk according to claim 8, characterised in
that the data (DATA) is firstly modified into a format able
to be understood by the cryptoprocessor by means of a
cryptoprocessor included in a computer (40).

12. Optical disk according to one of claims 1 to 11,
characterised in that data (DATA) from the disk is intended
to be systematically decrypted whether said data has been
originally encrypted or not.

13. Optical disk according to one of claims 1 to 12,
characterised in that a set of unprocessed data (B) and a
set of decrypted data both sets originating from a set of
data read in the disk (10) are intended to be sent to a
computer (40).

14. Optical disk according to claim 13, characterised
in that a set of unprocessed data (B) is composed of at
least one zone of unusable encrypted data and a set of
decrypted data (D) is composed of at least one zone of
usable decrypted data (Da).

15. Optical disk according to claim 14 or 15,
characterised in that a set of unprocessed data (B) is
composed of at least one zone of usable non-encrypted data
(Ba) and a set of decrypted data (D) is composed of at least
one zone of unusable decrypted data (Dd).

16. Optical disk according to claim 13 or 14,
characterised in that a useful data zone comprises an
executable code portion and application data.

17. Optical disk according to claim 16, characterised
in that the executable code includes a set of links for
interconnecting various data zones, loading new data into
the memory and reconstructing a data zone.

18. Optical disk according to one of claims 1 to 17,
characterised in that the data (DATA) of the disk form at
least one application written in high-level language.

19. Optical disk according to claim 18, characterised
in that the application is partially or totally encrypted.

20. Method for protecting an optical disk (10) for
storing data, characterised in that the method comprises
stages according to which:

• data (DATA) of said disk (10) is decrypted with the aid
of a secret key (K1) included in a memory (22) of a
portable object (20) integrated in said disk and remaining
inside said object during decryption,

• the data (DATA) of said disk (10) is exchanged between
said portable object (20) and said disk by means of data
exchange means (IN_A, OUT_A, VCC_A, GRD_A) integrated in
said disk.

21. Method according to claim 20, characterised in that
said portable object is a chip with an integrated circuit.

22. Method according to claim 20 or 21, characterised
in that the decryption stage is carried out using a
cryptoprocessor integrated in said portable object (20).

23. Method according to claim 22, characterised in that
it comprises an additional stage according to which:

• prior to the decryption stage, the data (DATA) is
modified into a format able to be understood by the
cryptoprocessor via a cryptoprocessor (37) included in an
optical disk reader.

24. Method according to claim 22, characterised in that
it comprises an additional stage according to which:

• prior to the decryption stage, the data (DATA) is
modified into a format able to be understood by the
cryptoprocessor by means of a cryptoprocessor interface (37)
included in a computer (40).

25. Method according to one of claims 20 to 24,
characterised in that in the decryption stage the data
(DATA) is decrypted systematically regardless of whether
said data was originally encrypted or not.

26. Method according to one of claims 20 to 25,
characterised in that it comprises an additional stage
according to which:

• a set of unprocessed decrypted data (D) originating from
a set of data read in the disk (10) is loaded into a
computer (40).

27. Method according to claim 26, characterised in that
loading is carried out alternately.

28. Method according to claim 26, characterised in that
a set of unprocessed data (B) is composed of at least one
zone of unusable encrypted data (Bb) and a set of decrypted
data (D) is composed of at least one zone of usable
decrypted data (Da).

29. Method according to claim 26, characterised in that
a set of unprocessed data (B) is composed of at least one
non-encrypted useful zone of data (Ba), and a set of
decrypted data (D) is composed of at least one zone of
unusable decrypted data (Dd).

30. Method according to claim 28 or 29, characterised
in that it comprises an additional stage according to which:

• one executable code portion included in the useful data
zone is executed including application data.

31. Method according to claim 30, characterised in that
it comprises an additional stage according to which:

• various data zones are interconnected, new data is
loaded into the memory and a data zone is reconstructed
with the aid of a set of links included in the executable
code.

32. Method according to one of claims 20 to 31,
characterised in that it comprises an additional stage
according to which:

• data is encrypted by means of a secret key (K1),

• said encrypted data is written in said disk (10).

33. Method according to one of claims 20 to 32,
characterised in that it comprises data (DATA) forming at
least one application written in high-level language.

34. Method according to claim 33, characterised in that
the application is partially or totally encrypted.



ABSTRACT TO THE DISCLOSURE



The invention concerns a protected optical disk for 
storing data. It also concerns a method for protecting said 
disk. The invention is characterised in that said disk 
firstly comprises a portable object comprising a memory 
including at least one secret key, and secondly data 
exchange means, said key making it possible to decrypt the 
data of said disk whilst remaining in said portable object, 
said exchange means making it possible to exchange said data 
between said portable object and said disk. The invention 
can be applied in particular to CD-ROMs. 



Figure 8 